From 68c95ee59349159a8a296f52987e828305b5f331 Mon Sep 17 00:00:00 2001 From: Caleb Date: Fri, 15 Dec 2023 07:28:53 -0500 Subject: [PATCH] remove lvm2 --- conf/build.manifest | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conf/build.manifest b/conf/build.manifest index 30710b27..be888887 100644 --- a/conf/build.manifest +++ b/conf/build.manifest @@ -170,6 +170,12 @@ base-prune: # remove gnupg to remove class of potential CVEs and also because we # don't use it - gnupg +# The functionality that lvm2 provides is mutually exclusive with +# ZFS so remove it. NOTE: We've also seen a well-known piece of +# software (in the wild) that will SSH into us, use lvm tools to +# create volumes on-top of ZVOLs to _explicitly_ "lock" the +# underlying zvol preventing us from doing anything with it. +- lvm2 # # Update build-epoch when you want to force the next build to be